CVE-2022-0775

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

Ссылки

https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/
Release Notes
https://plugins.trac.wordpress.org/changeset/2683324
Patch
https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/
Exploit
Third Party Advisory
https://developer.woocommerce.com/2022/02/22/woocommerce-6-2-1-security-fix/
Release Notes
https://plugins.trac.wordpress.org/changeset/2683324
Patch
https://wpscan.com/vulnerability/b76dbf37-a0a2-48cf-bd85-3ebbc2f394dd/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:woocommerce:woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 6.2.1 (исключая)

EPSS

Процентиль: 56%

0.00339

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-hw3h-gc2r-whp8